The Super Secure Bank is an application with many security issues. You have until April 22 to see what you can find.
In the security world, these are called Problem/Vulnerability/Issue Reports and they sometimes are tens of pages long each. I don't expect to see that from you, but this is what you expect to produce from a security audit.
This is not a prescribed exercise. You need to use what you know and your technical expertise to find things that look to you like they might be security vulnerabilities. So as you go through the application, keep good notes about things that look like they might be of interest and then go back and see what you might find. You are effectively creating a threat model; a list of potential threats that need investigation.
Include your notes in the document you turn in. What I usually do is open a Word document while I get to know the application and I put in notes of things that I see. From that, I create the list of threats, and then I go back and try to find exploits.